The question was not "can I secure a Linux box without a hardware firewall". The question (or statement really) was "will a firewall add jitter and lower performance". That answer is obviously a big NO. Can you secure a Linux (or even Windows) machine by closing ports? Sure. It helps immensely. However, an advantage of hardware is that you are physically separating the traffic from the end point. Sure, all the ports closed on a Linux box can protect that machine. However, having only web (for example) traffic going to your Apache server is really beneficial. The server can focus on delivering pages and not spend any CPU cycles on "is this a good packet? Should I drop it?". A firewall (software or hardware) should also be able to better deal with DOS and things of that nature. Port securing does nothing to assist with DOS.
So... You are totally right, you can secure a box that way. However, a firewall (be it software or hardware) is far superior a method. I prefer the hardware method myself as it is a matter of management and additional features. However, for some, a software method may be better. I ran Mandrake SNF (a shorewall implementation) for a long time so I have been there. Considering you can run a Linux firewall on a 386 machine worth $20 makes the fact that so many people don't have firewalls seem just ridiculous. W -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Adamson Sent: Wednesday, August 10, 2005 8:58 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Firewall will definately increase jittersinyourvoice conversation That's a crack of crap sold by the marketing (not sales) people selling firewalls. "If" you know what you're doing, one can very easily secure any linux system to function on the Internet (etc) without a firewall. It all depends on your level of knowledge/skills on how to disable those items that are not really needed in your environment. Start with a 'netstat -a' to identify those ports that are listening, and shut those items down that you don't want exposed. You "can" do the same for any MS system as well. ------------------------ > Wiley is definitely right. It would be dangerous not to have a > firewall for security reasons. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Wiley > Siler > Sent: Wednesday, August 10, 2005 2:27 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: RE: [Asterisk-Users] Firewall will definately increase > jitters inyourvoice conversation > > Lokesh, > > While adding a firewall may add a tiny bit of latency (non-noticeable > by the way) it in no way means you are gonna get jitter. An over > utilized data line might cause that but a firewall in and of itself > will not. I use a Pix to route my VoIP to an ITSP and I could not be > happier. To say that using a firewall causes high latency is incorrect. > > Thanks, > Wiley > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Lokesh > kumar > Sent: Wednesday, August 10, 2005 10:57 AM > To: [email protected] > Subject: [Asterisk-Users] Firewall will definately increase jitters in > yourvoice conversation > > Hi, > > If you will put firewall, then i think you will get high latency and > consequently you will hear voice jitter in your conversation. so avoid > putting firewall. > > Regards > Lokesh > Portugal > mail [EMAIL PROTECTED] > > > > > > > ____________________________________________________ > Send a rakhi to your brother, buy gifts and win attractive prizes. Log > on to http://in.promos.yahoo.com/rakhi/index.html > _______________________________________________ > Asterisk-Users mailing list > [email protected] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ > Asterisk-Users mailing list > [email protected] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ > Asterisk-Users mailing list > [email protected] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > ---------------End of Original Message----------------- _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
